US11650938B2ActiveUtilityA1

Device-capability-based locking key management system

44
Assignee: DELL PRODUCTS LPPriority: Jan 25, 2019Filed: Jan 25, 2019Granted: May 16, 2023
Est. expiryJan 25, 2039(~12.5 yrs left)· nominal 20-yr term from priority
H04L 67/30G06F 12/1466H04L 63/062G06F 3/0671G06F 21/78G06F 12/1408G06F 3/0634G06F 11/1076G06F 21/575G06F 2212/1052G06F 3/0622
44
PatentIndex Score
0
Cited by
5
References
17
Claims

Abstract

A device-capability-based locking key management system includes a key management system coupled to a server device via a network. The server device includes storage devices coupled to a remote access controller device. The remote access controller device identifies each of the storage devices, and then identifies a key management profile for each of the storage devices. A first key management profile identified for at least one first storage device is different from a second key management profile identified for at least one second storage device. The remote access controller device then uses the respective key management profile identified for each of the storage devices to create a respective key management sub-client for each of the storage devices, and each respective key management sub-client communicates with the key management system to provide a locking key for its respective storage device.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A device-capability-based locking key management system, comprising:
 a key management system; and 
 a server device that is coupled to the key management system via a network, wherein the server device includes:
 a plurality of storage devices of different types; and 
 a remote access controller device that is coupled to each of the plurality of storage devices, wherein the remote access controller device operates independently of an operating system provided on the server device and is coupled to the key management system via an out-of-band connection, and wherein the remote access controller device is configured to:
 identify each of the plurality of storage devices and a type of each of the plurality of storage devices; 
 identify a key management profile for each of the plurality of storage devices based on the type for that storage device, wherein a first key management profile identified for at least one first storage device of a first type included in the plurality of storage devices is different from a second key management profile identified for at least one second storage device of a second type; and 
 create, using the respective key management profile identified for each of the plurality of storage devices, a respective key management sub-client for each type of the plurality of storage devices, wherein each of the respective key management sub-clients operates on the remote access controller device and is configured to:
 communicate, according to the respective key management profile identified for its storage device, with the key management system via the out-of-band connection to retrieve a locking key for that storage device; and 
 provide, according to the respective key management profile identified for its storage device, the locking key and locking key management commands directly to that storage device. 
 
 
 
 
     
     
       2. The system of  claim 1 , wherein the remote access controller device is configured to:
 retrieve key management information from each of the plurality of storage devices, and wherein the respective key management sub-client for each of the plurality of storage devices is configured to use the key management information retrieved from that storage device to provide the locking key for that storage device. 
 
     
     
       3. The system of  claim 1 , wherein the remote access controller device is configured to:
 receive each of the key management profiles identified for each of the plurality of storage devices; and 
 store the key management profiles in a key management database that is included in the server device. 
 
     
     
       4. The system of  claim 1 , wherein the server device includes:
 an intermediary device coupled between the remote access controller and at least one of the plurality of storage devices, wherein at least one first key management sub-client is configured to provide the locking key and the locking key management commands to its respective storage device via the intermediary device. 
 
     
     
       5. The system of  claim 1 , wherein the server device includes:
 an intermediary device coupled between the remote access controller and at least one of the plurality of storage devices, wherein the remote access controller device is configured to provide the locking key to its respective storage device via the intermediary device, and wherein the intermediary device is configured to provide the locking key commands to that storage device. 
 
     
     
       6. An Information Handling System (IHS), comprising:
 a remote access controller processing system that operates independently of a processing system that provides an operating system for the IHS; and 
 a remote access controller memory system that is coupled to the remote access controller processing system and that includes instructions that, when executed by the remote access controller processing system, cause the remote access controller processing system to provide a remote access controller that is configured to:
 identify each of a plurality of storage devices that are coupled to the remote access controller processing system and a type of each of the plurality of storage devices; 
 identify a key management profile for each of the plurality of storage devices based on the type for that storage device, wherein a first key management profile identified for at least one first storage device included in the plurality of storage devices of a first type is different from a second key management profile identified for at least one second storage device of a second type; and 
 create, using the respective key management profile identified for each of the plurality of storage devices, a respective key management sub-client for each type of the plurality of storage devices, wherein each respective key management sub-client operates on the remote access controller device and is configured to:
 communicate, according to the respective key management profile identified for its storage device, with a key management system via an out-of-band channel to retrieve a locking key for that storage device; and 
 provide, according to the respective key management profile identified for its storage device, the locking key and locking key management commands directly to that storage device. 
 
 
 
     
     
       7. The IHS of  claim 6 , wherein the remote access controller is configured to:
 retrieve key management information from each of the plurality of storage devices, and wherein the respective key management sub-client for each of the plurality of storage devices is configured to use the key management information retrieved from that storage device to provide the locking key for that storage device. 
 
     
     
       8. The IHS of  claim 6 , further comprising:
 an intermediary device coupled to the remote access controller processing system, wherein at least one first key management sub-client is configured to provide the locking key and the locking key management commands to its respective storage device via the intermediary device. 
 
     
     
       9. The IHS of  claim 8 , wherein the intermediary device is provided by a Host Bus Adapter device. 
     
     
       10. The IHS of  claim 6 , further comprising:
 an intermediary device coupled to the remote access controller processing system, wherein the remote access controller device is configured to provide the locking key to its respective storage device via the intermediary device, and wherein the intermediary device is configured to provide the locking key commands to that storage device. 
 
     
     
       11. The IHS of  claim 10 , wherein the intermediary device is provided by one of a Basic Input/Output System (BIOS) and a Redundant Array of Independent Disks (RAID) controller device. 
     
     
       12. A method for managing locking key based on device capabilities, comprising:
 identifying, by a remote access controller device that is included in a server device and that operates independently of an operating system provided on the server device, each of a plurality of storage devices that are located in the server device and coupled to the remote access controller device and identifying a type of each of the plurality of storage devices; 
 identifying, by the remote access controller device, a key management profile for each of the plurality of storage devices, wherein a first key management profile identified for at least one first storage device of a first type included in the plurality of storage devices is different from a second key management profile identified for at least one second storage device of a second type; 
 creating, by the remote access controller device using the respective key management profile identified for each of the plurality of storage devices, a respective key management sub-client for each type of the plurality of storage devices, wherein the respective management sub-client operates on the remote access controller device; 
 communicating, by each key management sub-client created by the remote access controller device according to the respective key management profile identified for its storage device, with a key management system via an out-of-band connection to retrieve a locking key for that storage device; and 
 providing, by each first key management sub-client according to the respective key management profile identified for its storage device, the locking key and locking key management commands directly to that storage device. 
 
     
     
       13. The method of  claim 12 , further comprising:
 retrieving, by the remote access controller device, key management information from each of the plurality of storage devices, wherein the respective key management sub-client for each of the plurality of storage devices is configured to use the key management information retrieved from that storage device to provide the locking key for that storage device. 
 
     
     
       14. The method of  claim 12 , further comprising:
 providing, by the at least one first key management sub-client created by the remote access controller device, the locking key and the locking key management commands to its respective storage device via an intermediary device coupled between the remote access controller device and that storage device. 
 
     
     
       15. The method of  claim 14 , wherein the intermediary device is provided by a Host Bus Adapter device. 
     
     
       16. The method of  claim 12 , further comprising:
 providing, by the at least one first key management sub-client created by the remote access controller device, the locking key to its respective storage device via an intermediary device coupled between the remote access controller device and that storage device; and 
 providing, by the intermediary device, the locking key commands to that storage device. 
 
     
     
       17. The method of  claim 16 , wherein the intermediary device is provided by one of a Basic Input/Output System (BIOS) and a Redundant Array of Independent Disks (RAID) controller device.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.